Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/yAqFcljm9H8JX4FzG8UxJVcVsf4.roa
File:                     yAqFcljm9H8JX4FzG8UxJVcVsf4.roa (raw, json)
Hash identifier:          GoGNFg6um6OAapbSI8xuBn/oRf7ZX/Lv8c62RynvYAQ=
Subject key identifier:   C8:0A:85:72:58:E6:F4:7F:09:5F:81:73:1B:C5:31:25:57:15:B1:FE
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8C1514085FD085066A294A6C3FD2
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/yAqFcljm9H8JX4FzG8UxJVcVsf4.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210240
IP address blocks:        141.101.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8c:15:14:08:5f:d0:85:06:6a:29:4a:6c:3f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c80a857258e6f47f095f81731bc531255715b1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f1:bd:06:1f:f9:f6:58:4c:5e:7e:50:d7:88:
                    eb:f7:88:4d:b9:03:47:59:98:c4:47:da:f7:d0:50:
                    ab:a3:3b:d2:44:16:1e:b2:01:0c:9c:ee:5a:81:2b:
                    72:f4:89:dd:57:ef:cd:87:76:c5:a9:5d:1d:57:3c:
                    f6:05:35:9c:63:ec:e4:b3:fc:40:14:68:d8:74:6d:
                    41:e8:77:6f:50:09:07:36:bb:04:31:07:77:71:b7:
                    7f:57:11:91:06:92:68:04:3c:a8:07:e9:f5:c3:00:
                    c0:4e:ae:30:25:1c:78:31:c6:e4:fb:d7:8b:9d:ad:
                    05:18:af:61:6f:05:8f:7a:20:14:29:c3:08:88:07:
                    7f:62:7b:c7:ba:48:17:1a:35:1b:4a:dc:e7:8f:05:
                    f8:20:98:6e:cf:6e:e1:b8:3c:ca:b7:70:d5:67:95:
                    73:cc:69:e9:58:45:31:88:be:36:55:6b:01:4d:73:
                    b7:ad:da:af:b7:e3:62:9e:35:d9:ae:4f:47:2b:b8:
                    5f:0b:40:1e:f7:1c:72:c4:e8:da:9f:8d:1b:b5:ca:
                    a3:9c:1a:3d:52:65:48:9f:81:f9:0f:fd:12:ef:52:
                    ef:8a:e6:04:0e:8e:dd:f9:a7:96:89:a0:55:58:24:
                    8e:0c:29:7c:41:26:8e:82:57:bc:99:6a:8c:24:9d:
                    ab:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0A:85:72:58:E6:F4:7F:09:5F:81:73:1B:C5:31:25:57:15:B1:FE
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/yAqFcljm9H8JX4FzG8UxJVcVsf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a7:82:3a:be:f3:b5:e3:9f:b1:5b:08:e2:79:67:cf:7d:23:
         c3:db:17:8d:6c:96:af:29:ee:79:e0:97:8d:4f:bf:63:d5:ef:
         b7:6f:fc:ba:6a:82:69:51:12:6b:b2:cf:d6:7e:eb:f1:4f:47:
         60:0e:73:47:8e:88:86:ca:3a:26:0a:0c:ff:3a:90:ad:a2:49:
         8c:86:0c:3f:ea:ed:59:77:16:77:28:ae:39:f2:d7:f5:5c:a9:
         20:f4:e2:aa:75:5e:af:c8:63:57:a5:66:02:45:42:3e:7e:b4:
         1a:d6:d0:49:18:f7:38:53:e8:88:f9:c7:14:51:49:8f:7e:b2:
         ed:ce:cd:20:da:96:63:30:f1:e2:71:f6:3a:94:37:ab:83:72:
         a5:3d:ae:a8:78:46:e8:6c:8c:26:d4:1c:8b:b2:b3:2b:be:37:
         ba:70:60:75:8e:0a:f3:ec:d6:53:40:b1:66:98:41:03:a5:54:
         1d:ae:b9:65:0a:e5:4c:24:67:48:cb:ec:29:97:b6:17:61:86:
         f3:83:4e:2d:b6:68:d0:9b:c6:a5:14:8f:0b:05:f3:56:c6:e4:
         9c:18:5a:d6:3b:48:31:11:aa:cf:74:0f:1c:9f:63:e4:aa:76:
         ce:65:e2:3b:a2:58:96:33:7c:95:20:5d:8c:80:a9:41:03:1e:
         4d:31:7f:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSowVFAhf0IUGailKbD/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBhODU3MjU4ZTZmNDdmMDk1ZjgxNzMxYmM1MzEyNTU3MTViMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPG9Bh/59lhMXn5Q14jr94hNuQNH
WZjER9r30FCrozvSRBYesgEMnO5agSty9IndV+/Nh3bFqV0dVzz2BTWcY+zks/xA
FGjYdG1B6HdvUAkHNrsEMQd3cbd/VxGRBpJoBDyoB+n1wwDATq4wJRx4Mcbk+9eL
na0FGK9hbwWPeiAUKcMIiAd/YnvHukgXGjUbStznjwX4IJhuz27huDzKt3DVZ5Vz
zGnpWEUxiL42VWsBTXO3rdqvt+NinjXZrk9HK7hfC0Ae9xxyxOjan40btcqjnBo9
UmVIn4H5D/0S71LviuYEDo7d+aeWiaBVWCSODCl8QSaOgle8mWqMJJ2r0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgKhXJY5vR/CV+BcxvFMSVXFbH+MB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEveUFxRmNsam05SDhKWDRGekc4VXhKVmNWc2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWW8MA0G
CSqGSIb3DQEBCwUAA4IBAQAhp4I6vvO145+xWwjieWfPfSPD2xeNbJavKe554JeN
T79j1e+3b/y6aoJpURJrss/WfuvxT0dgDnNHjoiGyjomCgz/OpCtokmMhgw/6u1Z
dxZ3KK458tf1XKkg9OKqdV6vyGNXpWYCRUI+frQa1tBJGPc4U+iI+ccUUUmPfrLt
zs0g2pZjMPHicfY6lDerg3KlPa6oeEbobIwm1ByLsrMrvje6cGB1jgrz7NZTQLFm
mEEDpVQdrrllCuVMJGdIy+wpl7YXYYbzg04ttmjQm8alFI8LBfNWxuScGFrWO0gx
EarPdA8cn2PkqnbOZeI7oliWM3yVIF2MgKlBAx5NMX/P
-----END CERTIFICATE-----